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Amendments to the Claims 

This listing of claims will replace all prior versions of claims in the application: 
Listing of Claims: 

1 . (Currently amended) A computer implemented system for determining whether a packed 
executable is malware, the system comprising: 

a malware evaluator for determining whether incoming data is malware , wherein the 
incoming data directed to a computing device is intercepted by the malware evaluator : and 

an unpacking module that receives a packed executable from the malware evaluator and 
returns an unpacked executable corresponding to the packed executable; 

wherein the malware evaluator, upon receiving incoming data, determines can at least in 
part determine whether the incoming data is a packed executable, and if so, provides the malware 
evaluator provides the packed executable to the unpacking module md receives such that an 
unpacked executable can be received from the unpacking module an unpacked executable, and 4 
such that the malware evaluator can determine determines whether the unpacked executable is 
malware. 

2. (Withdrawn) A system for unpacking a packed executable for evaluation as malware, the 
system comprising: 

a set of unpacker modules, the set of unpacker modules comprising at least one unpacker 
module and wherein each unpacker module corresponds to executable code for unpacking a 
particular type of packed executable; and 

an unpacking manager, wherein the unpacking manager, upon obtaining a packed 
executable, selects an unpacker module from the set of unpacker modules to unpack the packed 
executable according to the type of the packed executable, and executes the selected unpacker 
module which generates an unpacked executable corresponding to the packed executable. 
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3. (Withdrawn) The system of Claim 2, wherein each unpacker module in the set of 
unpacker modules implements a confirmation interface routine for confirming whether the 
unpacker module is capable of unpacking the packed executable; and 

wherein the unpacking manager selects an unpacker module from the set of unpacker 
modules to unpack the packed executable by: 

iteratively calling the confirmation interface routine of each unpacker module in 
the set of unpacker modules until an unpacker module responds affirmatively to the call of its 
confirmation interface routine indicating that it can unpack the packed executable; and 

selecting that unpacker module that responded affirmatively. 

4. (Original) A method for determining whether incoming data is malware, the method 
comprising: 

intercepting incoming data directed to a computing device; 
determining whether the incoming data is a packed executable; and 
if the incoming data is a packed executable: 

generating an unpacked executable, the unpacked executable corresponding to the 
packed executable; and 

determining whether the packed executable is malware by evaluating whether the 
unpacked executable is malware. 

5. (Withdrawn) A method for unpacking a packed executable for evaluation as malware, the 
method comprising: 

obtaining a packed executable; 

selecting an unpacker module from a set of unpacker modules operable to unpack the 
packed executable; and 

executing the selected unpacker module, thereby generating an unpacked executable 
corresponding to the packed executable. 
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6. (Withdrawn) An extensible unpacking module for unpacking a packed executable for 
evaluation as malware, the system comprising: 

an set of unpacker modules comprising at least one unpacker module, wherein each 
unpacker module corresponds to executable code for unpacking a packed executable of a 
particular type, wherein the set of unpacker modules is dynamically extensible such that 
unpacker modules may be selectively added or removed to the set of unpacker modules; and 

an unpacking manager, wherein the unpacking manager, upon obtaining a packed 
executable, selects an unpacker module from the set of unpacker modules to unpack the packed 
executable according to the type of the packed executable, and executes the selected unpacker 
module which generates an unpacked executable corresponding to the packed executable. 

7. (New) The system of Claim 1 , wherein the returned unpacked executable corresponding 
to the packed executable is based at least in part on code or data derived from employing an 
unpacker other than the loader/unpacker received with the packed executable. 

8. (New) The system of Claim 7, wherein the employed unpacker is selected from a group 
of at least one modularized unpacker modules germane to unpacking a packed executable of a 
particular type and further germane to unpacking a packed executable that has been intercepted 
by the malware evaluator. 

9. (New) The system of Claim 1, wherein the intercepted incoming data resides only in one 
or more logically or physically isolated memory stores such that the intercepted incoming data 
can be located at a computer but does not actually "reach" the computer. 

10. (New) The system of Claim 9, wherein the one or more isolated memory stores comprise 
at least one of a random access memory, a floppy disk, a flash memory storage device, magnetic 
tape, a quarantine area of a hard drive, a logical partition of a hard drive, or combinations 
thereof. 

1 1 . (New) The system of Claim 1, wherein the unpacked executable generated by the 
unpacking module corresponds to a complete packed executable and not just a portion thereof. 
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12. (New) The system of Claim 11, wherein the generated unpacked executable 
corresponding to a complete unpacked executable is unpacked without executing any portion 
thereof. 

13. (New) The system of Claim 1, wherein the malware evaluator determines whether the 
incoming data is malware without unpacking the incoming data if the incoming data is 
determined not to be a packed executable. 

14. (New) The system of Claim 1, wherein the incoming data can be intercepted from at least 
one data source including a wired computer network, a wireless computer network, and 
distributable media further including a floppy disk, a flash memory storage device, a CD-ROM 
disk, a CD-RW disk, a magnetic tape, a DVD-ROM disk, a DVD-RW disk, or combinations 
thereof. 

15. (New) The system of Claim 1, further comprising, first determining whether the 
incoming data is known malware before determining if the incoming data is a packed executable, 
and if not, then determining if the incoming data is a packed executable. 

16. (New) The system of Claim 15, wherein anti-virus software can be employed in 
determining whether the incoming data is malware. 

17. (New) The system of Claim 16, wherein the determining by anti-virus software can be by 
signature or pattern recognition processes. 

18. (New) An electronic device comprising the system of Claim 1, such that the electronic 
device can be placed between a network and a computer device to facilitate intercepting data 
directed to a computing device. 

19. (New) The method of Claim 4, further comprising, first determining whether the 
incoming data is known malware before determining if the incoming data is a packed executable. 
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20 (New) The method of Claim 4, wherein generating an unpacked executable at least in 
part employs an unpacker other than the loader/unpacker received with the packed executable 

21. (New) The method of Claim 20, wherein the employed unpacker is selected from a group 
of at least one modularized unpacker modules germane to unpacking a packed executable of a 
particular type and further germane to unpacking a packed executable that has been intercepted. 

22 (New) The method of Claim 4, wherein intercepting incoming data intercepts data as it 
arrives at the computing device from a network or a distributable media. 

23. (New) The method of Claim 4, wherein generating the unpacked executable occurs 
without executing any portion of the unpacked executable. 

24. (New) The method of Claim 4, wherein the unpacked executable corresponds to a 
complete packed executable and not just a portion thereof. 
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